French Fried: US allegedly hacked Sarkozy’s office with Flame

L'Express says members of Sarkozy's staff were targeted over Facebook.

The French news magazine L'Express has reported that in May computers in the offices of France's then-president Nicolas Sarkozy were attacked by Flame, the malware jointly developed by the US and Israel to collect information on the Iranian nuclear program, and that staff at the Elysee Palace covered up the attack. "Hackers have not only managed to get to the heart of French political power," L'Express reported, "but they were able to search the computers of close advisers of Nicolas Sarkozy."

While Sarkozy was not directly targeted—it is reported by L'Express that he did not have a PC—the report claims that "secret notes were recovered from hard drives, and also strategic plans." The victims of the attack were allegedly targeted through Facebook and then "spearphished" by the attackers, who sent a link to a website that replicated the Elysee's intranet site—a site that captured their usernames and passwords, and infected their computers with malware. Sources told L'Express that the malware's signature matched that of the Flame "worm."

Once inside the intranet, the worm was able to work its way across the network, eventually infecting the computers of a number of Sarkozy's closest advisers including his Secretary-General Xavier Musca. The attack was ultimately detected by the French government's computer security agency, the Agence nationale de la sécurité des systèmes d'information (Anssi); the Elysee's network was down for several days as an Anssi team cleared the worm from infected systems.

So far, the French government has not commented on the allegations, and the US embassy in Paris has issued a strong denial of US involvement. The French government had previously confirmed that the Palace was the target of two large-scale cyber-attacks in May, but had not disclosed details of them.

As I read it, it sounds like the targets being "spearphished" opened a link, apparently to their intranet, that they received via Facebook. I know that might not be obviously risky to a non-technical person, but I really think that if you get to use a government computer containing confidential information, you probably need to learn a bit about not clicking links from outside sources, even (or especially) if they are from Facebook. Still, it sounds like it would only take one person making that mistake for it to get inside, so I don't think simply telling everyone "don't do that!" is an adequate defense.

It's also been reported that an anonymous source surmises it might be a case of the U.S. seeking some sort of reassurance that France is still on their side, "especially in a period of political transition." Not the most friendly or diplomatic behavior, especially given the method used, though.

I also idly wonder if there's a third party that's gotten a hold of Flame and used it against France, though I don't see that sort of "false flag" operation as very likely.

Question: was it ever confirmed by anyone besides "unnamed sources" cited by one Washington Post article that confirmed Flame was made by the US? Just curious, it always seemed like that is rather weak on the "confirmation" scale to me.

Pinko! wrote:

So, is this the first documented case of cyber friendly fire?

I think friendly fire would imply it wasn't intentional. It sounds from the description like it was, although there isn't any way to know for sure who was behind it, no matter what signature it matched (anyone could have modified Flame to attack an alternate target).

Question: was it ever confirmed by anyone besides "unnamed sources" cited by one Washington Post article that confirmed Flame was made by the US? Just curious, it always seemed like that is rather weak on the "confirmation" scale to me.

The article doesn't name its sources, sure, but that's normal for a properly researched story from a major newspaper on something as contentious as this. Given its long track record of journalistic integrity when it comes to these kinds of issues (*cough* Watergate *cough*), I think it's safe to assume that the Post isn't just making stuff up!

Taking off my editor hat for a moment and putting on my ex-military hat: France may be a NATO ally, and a partner on many fronts, but that doesn't mean that they don't spy on us and vice versa. They have their own foreign policy which often runs into conflict with ours. And it's hard to believe after a decade of US wars overseas, but France has always been a lot more agressive about use of military force (Chad, French Guyana) and generally doing things that fall under the category of Doing Shit That Annoys Us (continued nuclear testing until 1996, sinking the Rainbow Warrior, and other legacies of Gaullism).

France has had closer ties to Syria, had ties to Qaddafi, and have had ties to Iran--possibly even selling them nuclear technology. So, there are plenty of reasons the US might want to keep an eye on them.

Taking off my editor hat for a moment and putting on my ex-military hat: France may be a NATO ally, and a partner on many fronts, but that doesn't mean that they don't spy on us and vice versa. They have their own foreign policy which often runs into conflict with ours. And it's hard to believe after a decade of US wars overseas, but France has always been a lot more agressive about use of military force (Chad, French Guyana) and generally doing things that fall under the category of Doing Shit That Annoys Us (continued nuclear testing until 1996, sinking the Rainbow Warrior, and other legacies of Gaullism).

France has had closer ties to Syria, had ties to Qaddafi, and have had ties to Iran--possibly even selling them nuclear technology. So, there are plenty of reasons the US might want to keep an eye on them.

Agree completely with your last sentence, but saying "France has always been a lot more agressive about use of military force [than the US]", seems pretty bizarre! The list of US, post-WWII military conflicts and wars is a mile long.

Agree completely with your last sentence, but saying "France has always been a lot more agressive about use of military force [than the US]", seems pretty bizarre! The list of US, post-WWII military conflicts and wars is a mile long.

Remember how Vietnam started—we took over for the French. And I base my comments on some of the things the French used the Foreign Legion for over the last 3 decades since it's been around.

I am still of the idea that secret service and intelligence is not a substitute for strong democratic institutions/legal oversight/corruption fight/solid civic education. Intelligence should be a residual/defensive tool, not a surrogate to cope with government inaction/ineptitude to defends its country's interest or a political instrument.

I am rather happy that "Sarko" (President Sarkozy) and his syrian friends* are not welcome anymore in the 8th arrondissement in Paris. This is a case where debatable choices have been rejected by the French voters, since major facts about the syrian affair where rather known to the press.

Cheers, and let's get ready to more stories like this, but with threats coming from everywhereMatyas

*for example http://en.wikipedia.org/wiki/Michel_SamahaSamaha (from Lebanon) "was also the advisor and close ally of Syrian President Bashar Assad and the Assad family since the time of late President Hafez Assad. Samaha served as the advisor of Bashar Assad in regard to his public relations in Europe. Samaha had close ties with the French, Canadian, and US governments and assumed secret diplomatic and security roles".

Question: was it ever confirmed by anyone besides "unnamed sources" cited by one Washington Post article that confirmed Flame was made by the US? Just curious, it always seemed like that is rather weak on the "confirmation" scale to me.

Pinko! wrote:

So, is this the first documented case of cyber friendly fire?

I think friendly fire would imply it wasn't intentional. It sounds from the description like it was, although there isn't any way to know for sure who was behind it, no matter what signature it matched (anyone could have modified Flame to attack an alternate target).

I wondered about that too - I noticed another article (http://thehill.com/blogs/global-affairs ... -computers) say "In the interview, Napolitano also said that the Flame and Stuxnet viruses had “never been linked to the U.S. government.” which surprised me as I thought it had been officially linked.

I guarantee you that this is almost certainly not from the USA. It doesn't pass the sniff test at all. Anyone who thinks the CIA would give the tiniest crap about an extremely pro-American president of one of our strongest allies, France, is either far gone in conspiracy land or has a wildly inflated opinion of France's importance on the CIA/USA's radar (both of are common French afflictions).

These kinds of operations, especially one targeted at the head of state of one of our most important allies, would have to be authorized by the president, and Sarkozy and Obama are buddies. No. Freakin. Way.

First, start with the obvious: whoever did it was an *enemy* of Sarkozy or France. Secondly, two things an attacker would place high value on are 1) drawing attention from themselves by framing someone else, and 2) the most advanced attack technology they can get. Both of those requirements would be beautifully met by simply repurposing Flame, which has now been studied and dissected by people all over the world. Get super-advanced technology (which may well be beyond the expertise of the attackers) for free, and frame the USA at the same time: perfect!

So it would make absolutely perfect sense for someone other than the USA to now use Flame in this way. I expect we will see tons of attacks using Flame variants around the world in the future, for this very reason.

There are two much more obvious and likely candidates for the attacker: as far as enemies of France, China would obviously fit the bill, since the French and Chinese have had pretty heated words in the last few years, and they would also obviously love to pass the blame on to the US.

As far as Sarkozy enemies, a very important thing to remember is that the there is a history of people attempting to smear Sarkozy (although not from the left); just a few years ago the ex-prime minister Dominique de Villepin was was accused of dirty tricks after it was discovered that someone modified a critical list of kickback recipients in a corruption investigation by falsely adding Sarkozy's name to the list [edit: should point out that de Villepin is not on the left, but was a huge enemy of Sarkozy]. And oh, by the way, there was a French presidential election in May, in which the left was desperate to unseat Sarkozy. Funny coincidence about this and election happening the same month, no?

Whoever did this either really had it in for Sarkozy, or was extremely paranoid about France. I'd bet on China as the most likely suspect, and somebody on the french left, who hated Sarkozy passionately, as the second most likely.

Agree completely with your last sentence, but saying "France has always been a lot more agressive about use of military force [than the US]", seems pretty bizarre! The list of US, post-WWII military conflicts and wars is a mile long.

Remember how Vietnam started—we took over for the French. And I base my comments on some of the things the French used the Foreign Legion for over the last 3 decades.

Because I'm bored, here's a comparison of the post-WWII conflicts in which the two countries have been involved. For brevity, I omitted those that both the US and France were involved in together (e.g. Korean War), as well as those that were UN-sanctioned. On the other hand, I did not omit conflicts that are to do with the countries defending their own territory (marked with an asterisk) even though they probably shouldn't be on the list. On the other other hand, I did omit conflicts where the countries were only covertly involved, even though they probably should be (e.g. US involvement in El Salvador, Nicaragua, Chile, etc.).

If I was a hacker, getting my hands on StuxNet or Flame would be a prime directive. If I was an employee of a national spying organization even more so.

From everything I've read they sound like the ultimate "Swiss Army Knives" of hacking. Looking at it from another perspective, it gives you, the hacker even better cover, "the Israelis or the Yankees did it, not us!"

There are enough other nationalistic organizations operating black hat ops from around the world that would like to see what the French are up to. I don't think you have to stop suspecting others than the US and Israel.

Something to consider, the French might be a part of NATO but they also have a nuke arsenal and it operates under independent control from NATO. Most of their military systems are as independent as well.

Where's the evidence that this Flame-like software was used against France by the US, as opposed to the other co-developer, Israel? Israel is known to have a very active intelligence program, and has been caught red handed spying on it's allies, including even the US in recent history. France is much friendlier with the Arab world than the US, and doesn't have quite the same shine on Israel that the other major western powers do. I scanned through the Google-translated version of the linked article, and saw nothing to implicate the US except that the attack seemed to be similar to Flame, of which Israel is also a known user/developer. There's no more evidence to suggest that Israel is the culprit over the US, but given the political situation, it sure seems more likely.

As far as Sarkozy enemies, a very important thing to remember is that the french left has a history of attempting to smear Sarkozy; just a few years ago the ex-prime minister Dominique de Villepin was was accused of dirty tricks after it was discovered that someone modified a critical list of kickback recipients in a corruption investigation by falsely adding Sarkozy's name to the list. And oh, by the way, there was a French presidential election in May, in which the left was desperate to unseat Sarkozy. Funny coincidence,

Get your fact right before throwing conspiracy theories : De Villepin did try to smear Sarkozy with the Clearstream file but he is a right-wing politician, at the time in the same party as Sarkozy (they were rivals to be their party next presidential candidate).The French left party was never mentioned in that story.

Agree completely with your last sentence, but saying "France has always been a lot more agressive about use of military force [than the US]", seems pretty bizarre! The list of US, post-WWII military conflicts and wars is a mile long.

Remember how Vietnam started—we took over for the French. And I base my comments on some of the things the French used the Foreign Legion for over the last 3 decades.

Because I'm bored, here's a comparison of the post-WWII conflicts in which the two countries have been involved. For brevity, I omitted those that both the US and France were involved in together (e.g. Korean War), as well as those that were UN-sanctioned. On the other hand, I did not omit conflicts that are to do with the countries defending their own territory (marked with an asterisk) even though they probably shouldn't be on the list. On the other other hand, I did omit conflicts where the countries were only covertly involved, even though they probably should be (e.g. US involvement in El Salvador, Nicaragua, Chile, etc.).

I'm sure this isn't a 100% accurate list, but the difference in overall belligerence is, at least to my mind, transparently obvious.

Well, you omitted Vietnam from one list after saying you were omitting joint operations and then added it to another. I don't have the time to verify the rest of your list, but that glaring omission given it's citation right in the post you quoted really makes me suspect your bias.

Something to consider, the French might be a part of NATO but they also have a nuke arsenal and it operates under independent control from NATO. Most of their military systems are as independent as well.

And like all the rest of the nations with nuclear weapons it's going to sit on those weapons. The only rational use of nuclear weapons is defending your own borders. Using them for offence means signing a death sentence for yourself and a lot of other people without you even being threatened. Seems like a bad deal to any human who fear death or pain. This is also why no one wants to be on the offense against a nation with nuclear weapons. You don't want to pressure somebody into using nukes. This is kinda why the cold war didn't become the third world war and why nuclear weapons isn't all bad.

I admit I pulled this one from civ 5:"The day when two army corps can annihilate each other in one second, all civilized nations, it is to be hoped, will recoil from war and discharge their troops."--Alfred Nobel

This really shows up the "Flame was only for Iran and worked so super good" posts.France has often gone its own way - from banking with gold, post ww2 occupation of Germany, pre Vietnam, weapon sales, NATO nuclear policy, 'freedom fighter' support in Libya...

What really upsets the USA is France stepping in areas the US sees as its private club:Aerospace, advanced space platforms, bridge building/telco/dams/nuclear/oil/mining contracts-France is just very good at building stuff at a fair rate or for its friends around the world.The products offered last, the political elite are cared for, French workers get quality work for life, everybody is happy.

The USA has a long history of electronic warfare - ww1 was their first good efforts, post ww1 total fail, 1930's they recovered the art, ww2 - very good, post ww2/pre Korea - very poor in the field/learning from ww2/1950's on - never would the USA be second in electronics/computing again.

France knows this - they know of ECHELON, they know of the origins of Flame....They know the NSA loves to watch French trade deals and all French political leaders.As a nuclear power France has the skills to build some very hardened networks.

Why was Sarkozy left so telco 'open'? Why is this even in the press? Why is France running Windows at that level on the 'net'?Why would the US do this to France in such an open, foolish way?Did something bad happen in Libya? Is France going its own way with Syrian "freedom fighters" and offering much more exotic weapons found in Libya? So is this internal to France? A well known 3rd party playing games with the French/US relationship?The USA watches France and its trade but older US spies should recall Vladimir Vetrov- France was very helpful to the US - Has the US lost control of a part of its new "younger" cyber command?

It was sunk under Mitterrand, which is as far from Gaullism as it gets.

seanmgallagher wrote:

France has had closer ties to Syria

France is the former colonial power in Syria and Lebanon, it's normal they have links, as France's relationship to Lebanon is similar to the US' with Israel, and Syria is the 800lb gorilla in Lebanese factional politics. When Bashar al Assad succeeded his father, they thought, not unreasonably, that there was potential for reforms. When the Syrians assassinated Rafik Hariri, Chirac put the relationship on ice. Sarkozy tried briefly to revive it. The French were the first to recognize the Syrian opposition, BTW.

seanmgallagher wrote:

had ties to Qaddafi

That's preposterous. The French prevented him from taking over Chad, and he retaliated by bombing a French UTA (now part of Air France) jet. When I did my military service in 1989, there were yearly exercises to prepare for an airborne carrier+helicopter assault on Tripoli The French were also the first to recognize the opposition in Libya and took the lead in supporting the rebels.

France did refuse US aircraft permission to overfly its territory in 1986 when they went to bomb Tripoli, but that was in retaliation for the US leaving them alone to go ahead with bombing of Hizbullah/Iranian positions in Lebanon because Reagan had last-minute doubts (see the excellent book "The Twilight War" by David Crist for more details).

If anything, the Brits and Americans were the first to cut a deal with Ghaddafi, to bring him out of the cold in exchange for abandoning his nuclear program and compensating Lockerbie victims, thus annoying the French mightily because the UTA victims were left out of the deal.

seanmgallagher wrote:

Iran--possibly even selling them nuclear technology

That's an outlandish and completely unsubstantiated claim. Perhaps you are confusing with Iraq, as the French were one of the major backers of Saddam Hussein during the Iran-Iraq war and helped with the Iraqi nuclear reactor at Osirak.

Agree completely with your last sentence, but saying "France has always been a lot more agressive about use of military force [than the US]", seems pretty bizarre! The list of US, post-WWII military conflicts and wars is a mile long.

Remember how Vietnam started—we took over for the French. And I base my comments on some of the things the French used the Foreign Legion for over the last 3 decades.

Because I'm bored, here's a comparison of the post-WWII conflicts in which the two countries have been involved. For brevity, I omitted those that both the US and France were involved in together (e.g. Korean War), as well as those that were UN-sanctioned. On the other hand, I did not omit conflicts that are to do with the countries defending their own territory (marked with an asterisk) even though they probably shouldn't be on the list. On the other other hand, I did omit conflicts where the countries were only covertly involved, even though they probably should be (e.g. US involvement in El Salvador, Nicaragua, Chile, etc.).

I'm sure this isn't a 100% accurate list, but the difference in overall belligerence is, at least to my mind, transparently obvious.

Well, you omitted Vietnam from one list after saying you were omitting joint operations and then added it to another. I don't have the time to verify the rest of your list, but that glaring omission given it's citation right in the post you quoted really makes me suspect your bias.

As far as Sarkozy enemies, a very important thing to remember is that the french left has a history of attempting to smear Sarkozy; just a few years ago the ex-prime minister Dominique de Villepin was was accused of dirty tricks after it was discovered that someone modified a critical list of kickback recipients in a corruption investigation by falsely adding Sarkozy's name to the list. And oh, by the way, there was a French presidential election in May, in which the left was desperate to unseat Sarkozy. Funny coincidence,

Get your fact right before throwing conspiracy theories : De Villepin did try to smear Sarkozy with the Clearstream file but he is a right-wing politician, at the time in the same party as Sarkozy (they were rivals to be their party next presidential candidate).The French left party was never mentioned in that story.

The problem is that, at this point, we can't even be sure that the US is behind the attack. While it is pretty obvious that the US and Israel created flame, by May, the Russians had their hands on it too, and I mean, if I was them, I would have modified it for my own purposes and sent it back out.

At this point I would imagine anyone with the source code and a bit of time could have used it. The real question is where the information was sent to - the same place as the rest of it, or elsewhere?

This isn't to say that the US didn't do it, but just because it is Flame, it doesn't mean it was the US. Indeed, it is far likelier that it was Russia or China - I'm pretty sure the US already has better ways of spying on France.

Quote:

hux's list

You listed Indochina and Vietnam on both lists, even though they were the same conflict - the US took over for France.

Also, excluding all the conflicts that we had together exaggerates the differences - the US was involved in maybe a third more conflicts once you take them all into account, and yet the US has about 5x the population of France. That's not much of a difference in aggression, especially when you consider how much larger the US military budget is as well.

Quote:

"The day when two army corps can annihilate each other in one second, all civilized nations, it is to be hoped, will recoil from war and discharge their troops."--Alfred Nobel

He had the right idea, he was just off by six orders of magnitude or so.

Though to be fair, the real deal is that none of the superpowers ever go to war with anyone who has the power, though there's a legitimate chance that North Korea will end in war.

It's also been reported that an anonymous source surmises it might be a case of the U.S. seeking some sort of reassurance that France is still on their side, "especially in a period of political transition." Not the most friendly or diplomatic behavior, especially given the method used, though.

I also idly wonder if there's a third party that's gotten a hold of Flame and used it against France, though I don't see that sort of "false flag" operation as very likely.

At least they didn't just start a revolution, or plan an assassination.

Also, excluding all the conflicts that we had together exaggerates the differences - the US was involved in maybe a third more conflicts once you take them all into account, and yet the US has about 5x the population of France. That's not much of a difference in aggression, especially when you consider how much larger the US military budget is as well.

Let's just agree that the USA and France are both very aggressive compared to just about every other country out there. Who really cares who's the biggest bully?

- the attack occurred a few days before the second round of the elections. In France, the second round happens when there are only two candidates left - the two guys who got the most votes on the first round. It was also looking clear that Sarkozy was going to lose.

- according to the newspaper, here's how the attack went:1. Members of the cabinet received a link from someone passing as their friend on Facebook.2. Upon clicking the link, they were redirected to a page looking like the Elysee Intranet, where they had to give their login and password.3. Having done that, the login info was sent to the hacker. They could then access the intranet and upload the worm.

This attack was planned, and targeted key members. It's definitely not unintentional. It begs the question: who has enough means to launch an attack that complex? Either the US, or Israel. Even if a third party got to Flame, it would be quite difficult for them to orchestrate this attack.

The article doesn't rule out the possibility of China being the authors, but it's very unlikely.And, in conclusion, the best defense is to teach people against social engineering. You can have all the automated scripts and counter-attack mechanisms in the world, you're still vulnerable if your employees give out their passwords.

Just because it's Flame doesn't mean it's the US. I suspect that pretty much every intelligence agency in the developed world has grabbed their own version of it.

I doubt that the US would attempt such a broad hack of the French government computer systems, since it's overwhelmingly likely that they would get busted. It'd need Obama's personal approval and I doubt he'd give it for an intelligence fishing expedition with a high chance of backfiring.If it were a targeted attack against some French oil trade commissioner then I could more easily believe US involvement.

By the way, I am disturbed that people would claim that either the US (late for both wars) or France (LOL) are the most aggressive power. For sheer bloody-minded imperialism, I think the British are in a league of their own. There are very few countries that we have not at some point occupied or fought - generally for incredibly stupid or made-up reasons. Rule Brittania!

- The attackers identified people and looked at their Facebook pages to get information on friends.

- They then sent an email with a click-thru link embedded in it.

- The idiots clicked the email link and gave the attackers their login details.

There's nothing particularly sophisticated about this. It's pretty much a standard technique. It appears that a lot of fuss is being kicked up about it having to have been a foreign intelligence agency using arcane techniques to try and deflect from the stupidity of those that were caught by it.

The real surprise, and where the French anger should be directed, is how naive the Sarkozy staff were to have public information available on Facebook and then to follow links in email. I'd say that security training needs to be updated.

Well, you omitted Vietnam from one list after saying you were omitting joint operations and then added it to another. I don't have the time to verify the rest of your list, but that glaring omission given it's citation right in the post you quoted really makes me suspect your bias.

Vietnam is part of Indochina, which is included in the first list. Indochina also included Cambodia and Laos. The war was concluded in 1954 with the Conference of Geneva when the Viet Minh and France reached peace settlements - France moreover recognized the independance of Cambodia, Laos, and the two Vietnamese states which were de facto constituted at this point. These settlements were accepted neither by the State of South Vietnam nor the US, and the Vietnam war started from there.

There was thus no joint operations there, considering the US started their military operations only after the French got away.

By the way, instead of merely listing the number of conflicts, it would probably be more interesting to list the cumulated time these two countries have been in wars.

- The attackers identified people and looked at their Facebook pages to get information on friends.

- They then sent an email with a click-thru link embedded in it.

- The idiots clicked the email link and gave the attackers their login details.

There's nothing particularly sophisticated about this. It's pretty much a standard technique. It appears that a lot of fuss is being kicked up about it having to have been a foreign intelligence agency using arcane techniques to try and deflect from the stupidity of those that were caught by it.

The real surprise, and where the French anger should be directed, is how naive the Sarkozy staff were to have public information available on Facebook and then to follow links in email. I'd say that security training needs to be updated.

The phising technique was merely the way the worm got INTO the intranet. It means the attacker had only to find ONE person to get in. Once inside the house, the worm just had to replicate itself toward its target.

The attack looks quite sophisticated in this regard: a good knowledge of the infrastructure of the Elysee was necessary, as well as a good knowledge of people authorized to access it. Even worse: the article says that only a the computers of a few top aides of Nicolas Sarkozy were infected by the self-replicating worm, which proves that the attack was very precisely targeted.

France has had closer ties to Syria, had ties to Qaddafi, and have had ties to Iran--possibly even selling them nuclear technology. So, there are plenty of reasons the US might want to keep an eye on them.

And in the end, France is probably the second closest ally USA has, after UK. But that doesn't mean that they have to have identical relations to other countries as USA does.

Because I'm bored, here's a comparison of the post-WWII conflicts in which the two countries have been involved. For brevity, I omitted those that both the US and France were involved in together (e.g. Korean War), as well as those that were UN-sanctioned. On the other hand, I did not omit conflicts that are to do with the countries defending their own territory (marked with an asterisk) even though they probably shouldn't be on the list. On the other other hand, I did omit conflicts where the countries were only covertly involved, even though they probably should be (e.g. US involvement in El Salvador, Nicaragua, Chile, etc.).

I'm sure this isn't a 100% accurate list, but the difference in overall belligerence is, at least to my mind, transparently obvious.

Your list is not complete. France was also involved in Ivory Coast, Afganistan, Zaire, Libya... And then there is the recent anti-piracy operation outside Somalia.

France has not shied away from using military force. Which is interesting, considering the "reputation" they have in USA. Among civilians that is, it is my understand that the US military highly values the French Military.

As to the comment made about France being one of Saddam Husseins biggest supporters during Iraq-Iran-war... Well, the entire west was backing Hussein in that war, France and USA included.

As I read it, it sounds like the targets being "spearphished" opened a link, apparently to their intranet, that they received via Facebook. I know that might not be obviously risky to a non-technical person, but I really think that if you get to use a government computer containing confidential information, you probably need to learn a bit about not clicking links from outside sources, even (or especially) if they are from Facebook. Still, it sounds like it would only take one person making that mistake for it to get inside, so I don't think simply telling everyone "don't do that!" is an adequate defense.

We just block the Facebook entirely in our company firewall as we consider it a security risk. Goverments should do the same with sensitive computers. If you want to be on facebook use an iPad of something on an unsecured network!!

As I read it, it sounds like the targets being "spearphished" opened a link, apparently to their intranet, that they received via Facebook. I know that might not be obviously risky to a non-technical person, but I really think that if you get to use a government computer containing confidential information, you probably need to learn a bit about not clicking links from outside sources, even (or especially) if they are from Facebook. Still, it sounds like it would only take one person making that mistake for it to get inside, so I don't think simply telling everyone "don't do that!" is an adequate defense.

We just block the Facebook entirely in our company firewall as we consider it a security risk. Goverments should do the same with sensitive computers. If you want to be on facebook use an iPad of something on an unsecured network!!

Facebook is only necessary to begin the social engineering process that ultimately leads to the target being duped into clicking a link (because the attacker has garnered their turst). Blocking facebook would have no effect on this. The point is that the attacker gains the trust of the target. If they forged a 'relationship' with the target on his/her personal time it would have the exact same effect.

We just block the Facebook entirely in our company firewall as we consider it a security risk. Goverments should do the same with sensitive computers

The situation in France is a bit different than what you describe: many politics are dragged into social medias screaming and kicking after failing to understand the "web 1.0" altogether: most have no idea what they are doing but they are desperate not to look too lost with that. They have been several "scandals" already coming from French politicians misusing twitter and facebook.

Basically, you're talking about a bunch of old reactionaries who, after years of dealing with communication as if Thomas Edison had the last word suddenly realizing that, if they want to survive and not be completely cut from their base, they have to learn and fast. And none of them have the necessary mindset to learn anything new any more.

So it's no wonder that, in such a situation, high-placed government officials have a less than very sane approach to computing in general and security in particular. I'm sure they have very competent specialists that could help them with that if they only listen to them